Bug 8149521

Bill Mair bill.mair at web.de
Thu May 5 15:47:49 UTC 2016


Hi,

I've just run into the same problem described in this bug:
https://bugs.openjdk.java.net/browse/JDK-8149521

I found it in java7u79 and I used java8u91 to confirm it still exists.

The error is in "com.sun.jndi.ldap.ServiceLocator" at line 273
(http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/df209f221cca/src/share/classes/com/sun/jndi/ldap/ServiceLocator.java).

The "Hostname" token always has a trailing "." (period). This doesn't
normally matter for "normal" network operation but it is critical when
working with Kerberos.

If you use "ldap:///dc=example,dc=com" then the corresponding name might
be something like "ldap1.example.com." (notice the trailing dot).

Kerberos is then looking for "ldap/ldap1.example.com." instead of
"ldap/ldap1.example.com".

The first record simply doesn't exist in the Kerberos DB.

Regards,

    Bill Mair
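
One way to sidestep the behaviour described in the message above, shown as an added example that is not part of the original post and not JDK code: parse the SRV record text yourself (in the form "priority weight port target"), strip the trailing dot, and use an explicit provider URL. The class and method names are hypothetical and the sample records are constructed.

```java
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: turns SRV record text into LDAP endpoints usable with Kerberos. */
public class SrvTargetNormalizer {

    static final class LdapEndpoint {
        final String host;
        final int port;
        LdapEndpoint(String host, int port) { this.host = host; this.port = port; }
        /** Service principal name a Kerberos client would request for this host. */
        String servicePrincipal() { return "ldap/" + host; }
        /** Explicit provider URL, so no DNS-based host discovery is needed. */
        String providerUrl(String baseDn) { return "ldap://" + host + ":" + port + "/" + baseDn; }
    }

    /** Parses "priority weight port target"; returns null if the record is unusable. */
    static LdapEndpoint parse(String srvRdata) {
        String[] f = srvRdata.trim().split("\\s+");
        if (f.length != 4) return null;
        String target = f[3];
        // RFC 2782: a target of "." means the service is not available.
        if (target.equals(".")) return null;
        // Drop the root label's trailing dot so the name matches the KDC entry.
        if (target.endsWith(".")) target = target.substring(0, target.length() - 1);
        try {
            return new LdapEndpoint(target, Integer.parseInt(f[2]));
        } catch (NumberFormatException e) {
            return null; // malformed port field
        }
    }

    public static void main(String[] args) {
        // Constructed sample records, not real DNS data.
        String[] records = {
            "0 100 389 ldap1.example.com.", "10 100 389 ldap2.example.com", "0 0 0 ."
        };
        List<LdapEndpoint> endpoints = new ArrayList<>();
        for (String r : records) {
            LdapEndpoint e = parse(r);
            if (e != null) endpoints.add(e);
        }
        for (LdapEndpoint e : endpoints) {
            System.out.println(e.servicePrincipal() + "  " + e.providerUrl("dc=example,dc=com"));
        }
    }
}
```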





More information about the core-libs-dev mailing list